Assurance and business continuity

Management assurance framework

Read our management assurance framework. This document outlines the need for us to have an effective business control environment, reliable information systems, and internal controls.

External assurance

The Standard on Assurance Engagements ASAE 3402 'Assurance Reports on Controls at a Service Organisation' requires us to describe our systems. Log in to QSS's Self-Service Centre to read our system description. This documents our finance, human resources and technology services, transactions, system control objectives, and controls designed to achieve those objectives.

Payment Card Industry Data Security Standard

QSS's cardholder data controls meet the Payment Card Industry Data Security Standard (PCI DSS).

We completed an assessment of our processes for accepting, storing and transmitting cardholder information in July 2016. We successfully met all requirements and received a Certificate of Compliance.

Business continuity management

We have embedded business continuity management practices that align to:

  • Information Standard – Information Security (IS18)
  • department business continuity and disaster management framework, policy and guidelines
  • Business Continuity Institute Good Practice Guidelines 2013.